151 matches found
Huawei EulerOS: Security Advisory for gstreamer1-plugins-base (EulerOS-SA-2025-1264)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated chromium-browser-stable packages fix security vulnerabilities
High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Medium CVE-2025-1918: Out of bounds read...
PT-2025-9687 · Unknown +2 · Tuleap Enterprise Edition +2
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.4.99.1740492866 Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11 Description: The issue concerns the management of sensitive information, specifically the password for connecting to the Redis instance...
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management PLM to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities in question ar...
Important: emacs
Issue Overview: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs ...
CVE-2024-5528
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
openSUSE Security Advisory (SUSE-SU-2025:0277-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused ...
PT-2025-5287 · Apple · Macos Sonoma +2
Name of the Vulnerable Software and Affected Versions: macOS Sequoia versions prior to 15.3 macOS Sonoma versions prior to 14.7.3 Description: The issue is related to parsing a file, which may lead to an unexpected app termination. It is also associated with unlimited resource allocation,...
PT-2025-5324 · Apple · Ipados +5
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.7.3 iOS versions prior to 18.3 iPadOS versions prior to 17.7.4 and prior to 18.3 watchOS versions prior to 11.3 tvOS versions prior to 18.3 visionOS versions prior to 2.3 Description: The issue is related to incorre...
Ubuntu: Security Advisory (USN-7205-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:4051-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2024-16875 · WordPress · Wp Timetics
Name of the Vulnerable Software and Affected Versions: WP Timetics - AI-powered Appointment Booking Calendar and Online Scheduling Plugin versions up to, and including, 1.0.27 Description: The issue concerns a missing capability check on the "/wp-json/timetics/v1/customers/" REST API endpoint. Th...
PT-2024-9582 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: The issue affects GitLab CE/EE and is related to an uncontrolled resource consumption. An attacker could...
PT-2024-27261 · Qnap · Quts Hero +1
Name of the Vulnerable Software and Affected Versions: QNAP operating system versions prior to QTS 5.2.1.2930 build 20241025 QNAP operating system versions prior to QuTS hero h5.2.1.2929 build 20241025 Description: A path traversal issue has been reported, potentially allowing remote attackers wi...
PT-2024-8740 · Siemens · Tecnomatix Plant Simulation +1
Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Teamcenter Visualization versions prior to V2406.0005 Tecnomatix Plant Simulatio...
Fedora 37 : mingw-expat (2022-dcb1d7bcb1)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-dcb1d7bcb1 advisory. Update to 2.4.9, fixes CVE-2022-30674. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
PT-2024-35469 · Gnu Guix · Gnu Guix
Name of the Vulnerable Software and Affected Versions: GNU Guix versions before 5ab3c4c Description: A privilege escalation issue exists because build outputs are accessible by local users before file metadata concerns, such as for setuid and setgid programs, are properly addressed. This issue ca...
PT-2024-7957
Name of the Vulnerable Software and Affected Versions Cisco Desk Phone 9800 Series versions prior to the fixed version Cisco IP Phone 7800 Series versions prior to the fixed version Cisco IP Phone 8800 Series versions prior to the fixed version Cisco Video Phone 8875 versions prior to 14.21SR3...
CVE-2024-47780 Information Disclosure in TYPO3 Page Tree
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected...